Use Netstat to See Listening Ports and PID in Windows

Being in IT for almost 8 years, I quickly learned that the netstat command in Windows can be of great benefit if you know how to use it! Even though I don’t work in IT anymore, that command still comes in handy a lot of times. For instance, my Internet connection was running really slow and I could not figure out why. I restarted the router and that normally fixes any issue, but the Internet would slow down again every time.

Finally, I ran the netstat command just for the heck of it and saw one process using up a few TCP ports. I checked it out and saw there was some weird program I had never heard of running on my computer in the background. I Googled the process and it was a virus!! Goodness knows what kind of data it was transferring, but I killed the process, restarted the computer and scanned it using a offline virus scanning tool. After the virus was gone, everything was back to normal.

I have never had that happen to me before, but had I not used the netstat command to see which ports were being used by what Windows process, I would have never known I had a virus since it was secretly running in the background. In this article, I’ll show you one handy usage of the netstat command instead of telling you 10 different commands that will make things confusing.

To get started, open the command prompt by clicking on Start and then typing cmd. In the command window, go ahead and type in the following command:

netstat -a -n -o

In the command above, the -o parameter is what will add the PID to the end of the table. Press enter and you should see something like this:

netstat ports

You can see the port being used in the second column called Local Address. You’ll see the port number after the colon. You’ll also see some ports and some PIDs listed more than once. That’s because one process can be using the same port number on different protocols like TCP, UDP, etc.

Now to see the name of the process that is using that port, go to Task Manager by pressing CTRL + SHIFT + ESC and then click on the Process tab. By default, the task manager does not display the process ID, so you have to click on View and then Select Columns.

select columns

Go ahead and check the box for PID (Process Identifier) and then click OK.

process identifier

Now you should also see the PID alongside the process name in task manager. You can click on the column header to quickly sort the list by PID, thereby making it easy to find the process you are looking for.

process task manager

And that’s about it! Hopefully this will help you find out which process is listening on what ports in Windows. If you have any questions, post a comment! Enjoy!

Comments [1]

  1. Dave says:

    Although it may take longer for netstat to run, I think you can also get the pid and application file name by adding the -b switch …. netstat -a -b -n -o or netstat -abno

Leave a Reply